Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Isn’t Worried About ‘The Collector’s’ Password Cache

    By
    Pedro Hernandez
    -
    May 11, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Microsoft email security

      Last week, the computer security industry was abuzz with the revelation that “The Collector,” a Russian Hacker, had amassed 272 million stolen log-ins, affecting major online email providers, including Yahoo,Google, Mail.ru and Microsoft’s own Hotmail.

      Alex Weinert, group program manager of Microsoft’s Identity Protection team, took to the company’s blog to reveal the impact of the seemingly major breach on the company’s user base—in short, not much.

      Less than 10 percent of the usernames on The Collector’s list matched an account on Microsoft’s systems, Weinert said. Of those, 1.03 percent had the proper corresponding password, meaning that less than 0.1 percent of the list had a correct username-password match for a Microsoft account.

      From there, the risk to Microsoft’s users kept shrinking.

      “But remember, our machine-learning systems and algorithms find and automatically protect most compromised credentials before any disclosure. In this case, we had already protected 58.3 percent of that 0.1 percent because we had already caught an invalid access attempt or other suspicious activity,” Weinert explained.

      All told, a mere 0.042 percent of the stolen credentials on The Collector’s list were at risk. Affected consumer accounts have been flagged by Microsoft so that the next time their users log in, they will be asked to verify their identities and change their passwords.

      Most stolen password lists are compiled from Websites with weak encryption or ones that store their passwords in plain text, according to Weinert, suggesting that the Hotmail credentials weren’t plucked directly from Microsoft’s systems. Phishing and malware also play a role, and password reuse exacerbates the problem by compromising the accounts of other providers that users are likely to patronize.

      Log-in credentials are often the weakest link both personal and enterprise data security. Phishers, for example, spam individual and corporate email accounts in the hopes that users will open malicious attachments or click on links to fraudulent sites that collect passwords.

      A recent report from Verizon revealed that users open up 30 percent of phishing messages (a 7 percent increase since 2015), and 13 percent of them click on phony links or open dangerous attachments.

      To help combat this in the enterprise, where a single set of stolen credentials can help a hacker establish a firm foothold on a corporate network, Microsoft has been building up its cloud- and machine-learning-based defenses. Last year, Microsoft announced a new option for Azure Active Directory (AD) Premium customers that alerts administrators when their users’ credentials have leaked by culling and analyzing data from publicly disclosed password lists.

      In March, the company announced a public beta of its Azure AD Identity Protection product. Using machine-learning-based detection and automated mitigation technologies, the service intercepts suspicious log-in attempts and blocks access if necessary. Each authentication request generates a risk score. Based on that score, administrators can configure Azure AD Identity Protection to deny access, require that users change their passwords or pose a multifactor authentication challenge.

      Avatar
      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×